Manage Global Whitelists

To allow executable files to run from local folders and external media and allow child processes initiated from parent processes in a specific folder, you can configure a global whitelist. Similar to the existing whitelist functionality for Java processes, unsigned executable files, and Thread Injection, you can specify full paths and path variables and can also use wildcards for pattern matching (
%
to match similar terms and
*
to match any characters).
Items in the whitelist section also take precedence over any blacklisted items and are evaluated first in the security policy.
  1. Select
    Policies
    Malware
    Restriction Settings
    .
  2. To specify whether Traps blocks an executable file that it is opened from a location not included in the whitelist or that is younger than the block period, configure the
    Action
    as one of the following:
    • Notification
      —Do not block access to executable files and processes but log when files that are opened from locations not included in the whitelist and report those events to the ESM.
      or
    • Prevention
      —Block executable files and processes.
  3. To specify whether Traps should notify the user when an executable file is opened from a location not included in the whitelist, configure the
    User Alert
    as one of the following:
    • On
      —Notify the user.
      or
    • Off
      —Do not notify the user.
  4. Click the add folder icon next to the whitelist area for Local Folder, Child Process, or Media Control and enter the full path or partial path. For example,
    C:\Windows\filename.exe
    .
    Whitelists also support wildcards and environmental variables, such as
    %windir%
    (for more details, see Wildcards and Variables in Policy Rules).
  5. Click
    Commit
    to save your changes.

Recommended For You